Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge

WAF Policy for App Gateway and AKS

  • August 31, 2021
  • 3 min read
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.
Cloud and Virtualization Architect. Florent is specializing in public, hybrid, and private cloud technologies. He is a Microsoft MVP in Cloud and Datacenter Management and an MCSE in Private Cloud.


If you are using Application Gateway, with WAF enabled, this article is for you. We will see how to deploy and use a WAF Policy.

This feature will help you to manage rules, policy and custom rules for an Application Gateway or a specific listener or a route path.

To start, deploy a new WAF Policy, choose the Regional WAF as policy:

WAF Policy

Select the OWASP rule set:

Select the OWASP rule set

Customize Policy settings if you need it:

Customize Policy settings

If you need custom rule, select it here:

Сustom rule

Finally, associate the WAF policy with you App Gateway:

Associate the WAF policy with you App Gateway

It is now associated:

Associated

Here, if we modify something is this rule, it will be applied to all listeners on this App Gateway. If you need to do some exceptions, for an OWASP rule, or to allow a specific public IP to access a webpage for example, you can create an additional WAF Policy, and associate it to a specific listener. Let’s do that. I’ll create a new policy, to deny my public ip to access the website starwind.cloudyjourney.fr:

Create s WAF Policy

Let’s associate it with my listener that hosts my website:

Associate it with listener that hosts the website

When the policy is applied and if I navigate to the website, I will have a forbidden message:

Forbidden message

If I change the rule to allow my public ip now, I can browse the URL:

Browse the URL

As you can see, with WAF Policy, you can customize rules for a specific listener (website) without impacting others.

Hey! Found Florent’s article helpful? Looking to deploy a new, easy-to-manage, and cost-effective hyperconverged infrastructure?
Alex Bykovskyi
Alex Bykovskyi StarWind Virtual HCI Appliance Product Manager
Well, we can help you with this one! Building a new hyperconverged environment is a breeze with StarWind Virtual HCI Appliance (VHCA). It’s a complete hyperconverged infrastructure solution that combines hypervisor (vSphere, Hyper-V, Proxmox, or our custom version of KVM), software-defined storage (StarWind VSAN), and streamlined management tools. Interested in diving deeper into VHCA’s capabilities and features? Book your StarWind Virtual HCI Appliance demo today!